Bug 580691 - SELinux is preventing /usr/bin/perl "append" access on /razor-agent.log.
Summary: SELinux is preventing /usr/bin/perl "append" access on /razor-agent.log.
Keywords:
Status: CLOSED DUPLICATE of bug 514979
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 12
Hardware: i386
OS: Linux
Priority: low
Severity: medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard: setroubleshoot_trace_hash:f2c7b119a15...
Depends On:
Blocks:
Reported: 2010-04-08 19:07 UTC by Laurent Jacquot
Modified: 2010-11-13 07:05 UTC (History)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2010-04-09 13:11:05 UTC
Type: ---
Embargoed:


Description Laurent Jacquot 2010-04-08 19:07:14 UTC
The packages pyzor and spamassassin do not have any customization.
Looks like BZ514979 is still relevant.


SELinux is preventing /usr/bin/perl "append" access on /razor-agent.log.

Contexte source               system_u:system_r:spamd_t:s0
Contexte cible                system_u:object_r:etc_runtime_t:s0
Objets du contexte            /razor-agent.log [ file ]
source                        spamd
Chemin de la source           /usr/bin/perl
Port                          <Inconnu>
Hôte                         (removed)
Paquetages RPM source         perl-5.10.0-87.fc12
Paquetages RPM cible          
Politique RPM                 selinux-policy-3.6.32-106.fc12
Selinux activé               True
Type de politique             targeted
Mode strict                   Enforcing
Nom du plugin                 catchall
Nom de l'hôte                (removed)
Plateforme                    Linux (removed) 2.6.32.9-70.fc12.i686.PAE #1
                              SMP Wed Mar 3 04:57:21 UTC 2010 i686 i686
Compteur d'alertes            15
Première alerte              ven. 26 mars 2010 04:13:00 CET
Dernière alerte              jeu. 08 avril 2010 06:09:00 CEST
ID local                      b673b27d-2a50-4c42-a296-db10e4f1d40f
Numéros des lignes           

Messages d'audit bruts        

node=(removed) type=AVC msg=audit(1270699740.92:225501): avc:  denied  { append } for  pid=17085 comm="spamd" name="razor-agent.log" dev=dm-18 ino=13 scontext=system_u:system_r:spamd_t:s0 tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file

node=(removed) type=SYSCALL msg=audit(1270699740.92:225501): arch=40000003 syscall=5 success=no exit=-13 a0=b9b531c a1=8441 a2=1b6 a3=0 items=0 ppid=17081 pid=17085 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=378 comm="spamd" exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0 key=(null)



Hash String generated from  catchall,spamd,spamd_t,etc_runtime_t,file,append
audit2allow suggests:

#============= spamd_t ==============
allow spamd_t etc_runtime_t:file append;
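
The AVC and SYSCALL records quoted in the report above can be decoded together to see exactly what spamd attempted. This is an added triage example, not part of the original report; the function names are hypothetical, and the flag table assumes the i386 Linux `open(2)` ABI indicated by `arch=40000003 syscall=5`.

```python
import errno
import re

# Records copied from the report above (node= field and some SYSCALL fields omitted).
AVC = ('type=AVC msg=audit(1270699740.92:225501): avc:  denied  { append } for  '
       'pid=17085 comm="spamd" name="razor-agent.log" dev=dm-18 ino=13 '
       'scontext=system_u:system_r:spamd_t:s0 '
       'tcontext=system_u:object_r:etc_runtime_t:s0 tclass=file')
SYSCALL = ('type=SYSCALL msg=audit(1270699740.92:225501): arch=40000003 syscall=5 '
           'success=no exit=-13 a0=b9b531c a1=8441 a2=1b6 a3=0 items=0 '
           'comm="spamd" exe="/usr/bin/perl" subj=system_u:system_r:spamd_t:s0')

# open(2) flag bits on i386 Linux; the table covers only common flags.
OPEN_FLAGS = {0o100: "O_CREAT", 0o200: "O_EXCL", 0o1000: "O_TRUNC",
              0o2000: "O_APPEND", 0o4000: "O_NONBLOCK", 0o100000: "O_LARGEFILE"}
ACCMODE = {0: "O_RDONLY", 1: "O_WRONLY", 2: "O_RDWR"}

def fields(record):
    """Return the key=value pairs of one audit record as a dict."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', record)}

def event_id(record):
    """Return the timestamp:serial string shared by all records of one event."""
    return re.search(r'msg=audit\(([\d.]+:\d+)\)', record).group(1)

def decode_open_flags(a1_hex):
    """Decode the flags argument of open(2) as logged (in hex) in a1."""
    flags = int(a1_hex, 16)
    names = [ACCMODE.get(flags & 3, "invalid access mode")]
    return names + [n for bit, n in sorted(OPEN_FLAGS.items()) if flags & bit]

def summarize(avc, syscall):
    """Join an AVC record with its SYSCALL record into a triage summary."""
    if event_id(avc) != event_id(syscall):
        raise ValueError("records belong to different audit events")
    a, s = fields(avc), fields(syscall)
    if (s["arch"], s["syscall"]) != ("40000003", "5"):  # i386 open(2)
        raise ValueError("only i386 open(2) is decoded here")
    return {
        "perms": re.search(r'\{ ([^}]*) \}', avc).group(1).split(),
        "source_type": a["scontext"].split(":")[2],
        "target_type": a["tcontext"].split(":")[2],
        "file": a["name"],
        "open_flags": decode_open_flags(s["a1"]),
        "create_mode": oct(int(s["a2"], 16)),
        "errno": errno.errorcode[-int(s["exit"])],
    }

if __name__ == "__main__":
    for key, value in summarize(AVC, SYSCALL).items():
        print(f"{key:12} {value}")
```

The decoded flags show an ordinary create-and-append log open by spamd that failed with EACCES because the target file carries the `etc_runtime_t` type.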

Comment 1 Daniel Walsh 2010-04-08 19:35:03 UTC
Why do you have a log file in /?

If you move razor-agent.log to /var/log it should work.

Comment 2 Laurent Jacquot 2010-04-08 21:13:00 UTC
You are right: It should be in /var/log, but as stated I did not customize the packages.
Hence the bug report :-)
It is not a selinux bug in my eyes, but is this a pyzor or a spamassassin bug?

For the record, bugzilla 514979 logged the same problem in f11.


BTW I am also interested in any information on how to move razor-agent.log to /var/log now (before any updated package)

Comment 3 Carl G. 2010-04-09 13:11:05 UTC
http://linux.die.net/man/5/razor-agent.conf

logfile
Log file for the Razor Agents. The default is "razor-agent.log".

Try giving an absolute path to the logfile?

I'm going to close this bug report, if you need any further assistance you should go on irc.freenode.org in #Fedora.
---

Fedora Bugzappers volunteer triage team
https://fedoraproject.org/wiki/BugZappers

Comment 4 Laurent Jacquot 2010-04-09 18:50:11 UTC
Excuse me, but I do not agree: in my eyes it is a real bug.
Imagine if each user had to configure each log file in the system!
/ would be crowded with log files!!

razor-agent.conf should have sane defaults (either in $HOME or /var/log I don't know)

Thanks anyway for the conf tip and do not forget to close also #514979

Comment 5 Carl G. 2010-04-09 21:16:28 UTC
You're right, I'm going to fwd the actual pkg. maintainer on 514979

*** This bug has been marked as a duplicate of bug 514979 ***

